Am 06.05.2019 um 22:39 schrieb wireguard-request@lists.zx2c4.com:

Send WireGuard mailing list submissions to
wireguard@lists.zx2c4.com

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.zx2c4.com/mailman/listinfo/wireguard
or, via email, send a message with subject or body 'help' to
wireguard-request@lists.zx2c4.com

You can reach the person managing the list at
wireguard-owner@lists.zx2c4.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of WireGuard digest..."


Today's Topics:

  1. MacOS client with local DNS resolver (Peter Baumgartner)
  2. Request to change IPv4 preference - mobile apps (Will Tisdale)
  3. WireGuard Android kernel module+gnirehtet? (steamport)
  4. DNS on macos (Illule)
  5. Deploy a wireguard on 2 raspberry pi to connect 2 remote lan
     - Lan2Lan (Paulo Lopes)


----------------------------------------------------------------------

Message: 1
Date: Fri, 12 Apr 2019 12:07:28 -0600
From: Peter Baumgartner <pete@lincolnloop.com>
To: wireguard@lists.zx2c4.com
Subject: MacOS client with local DNS resolver
Message-ID:
<CAC6K9z=3D=xMwTBRf3sA_5=OKR2R8o6aRa3JedGxzxVEzn-+Bw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

I'm using the official Mac GUI client (version 0.0.20190409) and am
having troubles with DNS after connection. I use a local DNS resolver,
so I have my DNS manually set to 127.0.0.1 on the network interface:

   $ scutil --dns | grep scoped -A50
   DNS configuration (for scoped queries)

   resolver #1
     nameserver[0] : 127.0.0.1
     if_index : 8 (en0)
     flags    : Scoped, Request A records, Request AAAA records
     reach    : 0x00030002 (Reachable,Local Address,Directly Reachable Address)

Once I activate a Wireguard tunnel, the resolvers are updated to the
IP of my Wireguard server:

   $ scutil --dns | grep scoped -A50
   DNS configuration (for scoped queries)

   resolver #1
     nameserver[0] : 10.0.77.1
     if_index : 8 (en0)
     flags    : Scoped, Request A records
     reach    : 0x00000002 (Reachable)

   resolver #2
     nameserver[0] : 10.0.77.1
     if_index : 19 (utun2)
     flags    : Scoped, Request A records
     reach    : 0x00000003 (Reachable,Transient Connection)

Setting `DNS = 127.0.0.1` on the [Interface] section for my client has
no effect.

How can I activate the tunnel, but keep my DNS resolver as 127.0.0.1?


------------------------------

Message: 2
Date: Sun, 14 Apr 2019 18:17:04 +0100
From: Will Tisdale <will@z3n.uk>
To: wireguard@lists.zx2c4.com
Subject: Request to change IPv4 preference - mobile apps
Message-ID:
<CAFWLA-XbDKtYHib8G2ujk7E+fsuPco9uX9NvPsu35Dd_HxVGyA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

Hello,

I sent a message to the list about weirdness with IPv4 being preferred
over IPv6 in the iOS app a few days ago, but it didn't get there for
whatever reason.

I've since done a bit of digging through the code and found that
preferring IPv4 is intentional, and it's also implemented that way on
the Android app too.

It seems a shame to hobble native IPv6 support for everyone just to
work around some peoples misconfigured setups.

My suggestion/request would be to change the apps to prefer IPv6 as
default, but add a switch to the apps to disable IPv6 or prefer IPv4
for those with broken setups.

Does that seem reasonable?


Cheers,


-Will


------------------------------

Message: 3
Date: Thu, 18 Apr 2019 09:47:23 +0000
From: steamport <steamport@protonmail.com>
To: "wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: WireGuard Android kernel module+gnirehtet?
Message-ID:
<EwYrrc-xpesfT0VwXUQnoXU-HHmFugo8Pj3MZu7o6nDNgazeJIegFKwyCNXABg4fBvsuTbTwAnEy52gaBLbzckHhOwUaFEFXOQggOQwGYPM=@protonmail.com>

Content-Type: text/plain; charset="utf-8"

Hey, it appears the WireGuard kernel module doesn't work on top of an Android VPN, even if it's a reverse tethering thing like?gnirehtet.

Also sorry if this isn't the proper place to report/say this.

Sent with ProtonMail Secure Email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20190418/edd46c99/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - steamport@protonmail.com - 0x170EF114.asc
Type: application/pgp-keys
Size: 678 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20190418/edd46c99/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20190418/edd46c99/attachment.asc>

------------------------------

Message: 4
Date: Tue, 30 Apr 2019 00:41:14 +0200
From: Illule <illule@ubstee.fr>
To: wireguard@lists.zx2c4.com
Subject: DNS on macos
Message-ID: <8D6A8B89-F86B-4899-92FB-BCA9D455D79C@ubstee.fr>
Content-Type: text/plain; charset=utf-8

Hi,

On macos the DNS set by wireguard is used as secondary DNS :
sudo scutil ?dns returns :
```
DNS configuration (for scoped queries)

resolver #1
search domain[0] : home
nameserver[0] : fe80::924d:4aff:feeb:2eb0%en0
nameserver[1] : 192.168.137.1
if_index : 8 (en0)
flags    : Scoped, Request A records, Request AAAA records
reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
nameserver[0] : 10.137.3.3
if_index : 17 (utun1)
flags    : Scoped, Request A records
reach    : 0x00000003 (Reachable,Transient Connection)
```

Is it wanted ? I?d prefer use my personnal DNS as main resolver. Moreover safari seems to being able to use it when a domain is not public but not command like dig.

Best regards,

Illule

------------------------------

Message: 5
Date: Wed, 1 May 2019 15:19:08 +0000
From: Paulo Lopes <plopes1960@hotmail.com>
To: "wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: Deploy a wireguard on 2 raspberry pi to connect 2 remote lan
- Lan2Lan
Message-ID:
<AM0PR08MB3522DC4AA812C933D8285AFCD43B0@AM0PR08MB3522.eurprd08.prod.outlook.com>

Content-Type: text/plain; charset="utf-8"

Hi all!!!

First, let me thank for the amazing vpn protocol that Wireguard is!!!!

I need your advise. As you can see on the picture attach, I have 2 raspberry pi. One as a vpn server and the other as a vpn client to connect 2 remote Lan.

Can you point me what I need to do, if I want to replace the openvpn for the wireguard?

I can connect 2 rpi with wireguard, but, the others ip machinies on the server and client side can?t see each other.

With openvpn I needed to inser iroute and add a static route on both routers. What I need to with the wireguard?

Once again many tahnks for all the help you can give me?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20190501/43336e96/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 43065884_1892102284211888_2227626938879442944_n.jpg
Type: image/jpeg
Size: 46732 bytes
Desc: 43065884_1892102284211888_2227626938879442944_n.jpg
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20190501/43336e96/attachment.jpg>

------------------------------

Subject: Digest Footer

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


------------------------------

End of WireGuard Digest, Vol 38, Issue 5
****************************************